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COOKIE DATA STORED ON TRANSPORTABLE RECORDING MEDIUM 

5 

BACKGROUND OF THE INVENTION 
1. Field of the Invention 

The present invention relates to data communication 
between a user's apparatus and another apparatus, such as the 
SLO access from a terminal on the Internet to a Web site. More 
,2 particularly, the present invention relates to a technique 
^ of facilitating the handling of personal information of each 
" user and enhancing the security of the personal information. 



" 15 2. Description of the Related Art 

^ In recent years, the Internet has become increasingly 

popular and more and more services are being provided on the 
Internet. Amajor service offered on the Internet is WWW (World 
Wide Web)* that is a client/ server-type information search system. 

20 In WWW, server apparatuses (Web sites) provide information 
in HTML files and users of the Internet browse the information 
using browsing software called Web browsers at terminals (Web 
clients) - Various information and services are currently 
provided at numerous Web sites and a technology called "cookies" 

25 is widely used to provide information with efficiency. When 
a user enters a Web site/ the Web site stores data, such as 
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personal information of the user, as a cookie in the terminal 
of the user through the Web browser. The next time the user 
goes to the same Web site using the same terminal/ the Web 
site reads the cookie from the terminal and uses the read cookie 
5 to provide information to the user. * 

Cookies usually show personal information of users, 
the last dates and times the users visited Web sites, and the 
numbers of times the users have visited the Web sites. Cookies 
are also used to identify users. Therefore, cookies are used 
. JO as an element technology in various . authentication systems 
p. and personalizing systems that customize services provided 
in WWW for respective users and provide the customized services 
to the users. 

While being a useful technology, cookies also have 
;15 problems described below. One problem is caused by that Web 
sites store data, such as personal information of users, into 
terminals with which the users visit the Web sites* If a single 
user uses a plurality of -terminals or a plurality of users 
shares a single terminal or a plurality of terminals, therefore, 

20 Web sites cannot correctly obtain and use information of 
respective users with cookies. Also, if a user replaces an 
old terminal with new one, data stored as a cookie does not 
exist in the new terminal. Therefore, to continuously use 
the cookie even after the replacement, the user needs to copy 

25 the cookie from the old terminal to the new terminal, which 
constitutes a burden on the user. 
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Another problem is caused by that personal information 
of users may be automatically stored as cookies without the . 
users intending to do so and even Web sites, which are not 
the sites that stored cookies, may. refer to the cookies with 
5 relative ease. Consequently, there maybe cases where cookies 
are maliciously read, causing users' privacy to be violated 
or making users a victim of cyber fraud. This generates demand 
for the enhancement of the security of personal information, 

ilO SUMMARY OF THE INVENTION 

Si The object of the present invention is therefore to 

^" provide a service providing apparatus, a service providing 
method, and a se rvice providing program for use with a technology, ' 
[% such as cookies, that customizes services provided via a network 
1 15 for respective users . Each of the service providing apparatus , 
f service providing method, and service providing program 
correctly handles information unique to each user even if a 
. . single user uses a plurality of terminals or a plurality of 
users shares a single terminal or a plurality of terminals. 
20 Each of the service providing apparatus, service providing 
method, and service providing program also eliminates the need 
for users to perform burdensome operations, such as the copy 
of data, even if the users replace old apparatuses with new 
ones. Each of the service providing apparatus, service 
25 providing method, and service providing program further 
enhances the security of personal information. The object 

3 
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of the present invention is also to provide a recording medium 
that stores the service providing program and a recording medium 
that stores cookie information. 

The stated object is achieved by a service providing 
5 method of providing a current user of a first apparatus with 
each of services that are provided by a plurality of other 
apparatuses via a network, the first apparatus being able to 
communicate with each. of the plurality of other apparatuses 
- via the network and being locally connectable to a recording 
jlO medium, out of recording media that are uniquely assigned to 
users of the first apparatus, each recording medium being 
U transportable arid including an area for storing unique 
r information, the service providing method including: a service 
5 requesting step where the first apparatus requests a second 
gIS apparatus to provide a service desired by the current user, 
=;i the second apparatus being one of the plurality of - other 
apparatuses; a unique information reading step where, if a 
recording medium of the current user is locally connected to 
the first apparatus and stores unique information, the second' 
20 apparatus reads the unique information in the locally connected - 
recording medium via the first apparatus and the network; and 
a service providing step where the second apparatus customizes 
the desired service according to the read unique information 
and transmits the customized service to the first apparatus. 
25 With this method, an apparatus on the network reads 

the unique information stored in a transportable recording 

4 
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medium and customizes a service according to the read unique 
information. 

Also, if users are uniquely provided with recording 
media, the users are in a one-to-one correspondence with the 
5 recording media even if the users are not in a one-to-one 
correspondence with terminals . Therefore, when a user browses 
a Web site, pexsonal information of the user is correctly obtained 
from the user's recording medium. Also, even after replacing 
an old terminal with new one, the user can continuously receive 
yiO the same service by simply connecting the user 1 s recording 
^ medium to the new terminal. 

Here, in -the unique information reading step, if no 
- J unique information is stored in the locally connected recording 
^; medium or no recording medium is locally connected to the first 
1 15 apparatus, the second apparatus may not read unique information 
^ from anywhere, and in the service providing step, if no unique 

information has been- read in the unique information reading 
step, the ■ second apparatus may transmit the desired service 
to the first apparatus in an uncustomized state. 
20 . With this "method, if the unique information is. not 

read, the apparatus provides the user with* a service that is 
^iot customized. 

This allows the user to receive a service even without 
unique information. Also, because the unique information is 
25 stored only in the recording medium, the security of the unique 
information is enhanced. 

5 
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Here, the unique information stored in each recording 
medium may include user information that is inherent in a user 
assigned the recording medium, and in the service providing 
step, .the second apparatus may customize the desired service 
5 for the current user according to the user information included 
in the read unique information and transmit the customized 
service to the first apparatus. 

With this method, the apparatus reads user information 
included in the unique information stored* in the transportable 
"SlO recording medium and customizes the service for the user 
r ; 5 according to the user information. 

Also, because the user information is stored in the 
7" transportable recording medium, the user can continuously use 
| the same personal information without difficulty, even after 
^15 replacing an old terminal with new one. 

?1 Here, the service providing method may further include: 

a user information updating step, performed after the unique 
information reading step, where if the user information inherent 
in the current user needs to be updated, the second apparatus 
20 . updates the user information included in the read unique 
information and overwrites the user information in the locally 
connected recording medium with the updated' user information 
via the network and the first apparatus. 

With this method, if the user information needs to 
25 be updated, the second apparatus updates the user information. 
This makes it easy to manage the user information. 

6 
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Here, the user information in each recording medium 
may have been encrypted using a public key of a public key 
cryptosystem, the second apparatus may store a secret key 
corresponding to the public key , the second apparatus may decrypt 
5 the encrypted user information using the secret key and customize 
the desired service according to the decrypted user information 
in the service providing step, and the second apparatus may 
update the decrypted user information, encrypt the updated 
user information using the" public key, and overwrite the 

10 encrypted user information in the locally connected recording 
medium with the updated and encrypted user inf ormation in the 
user information updating step. 

With this method, user information that has been . 
encrypted using a public key is transmitted and received. 

15 As a result, the encrypted user information is read only by 
an authorized apparatus that stores a secret key. 

Here, the network may be the Internet, the first 
apparatus may be an Internet terminal that runs a specialized 
Internet browser/ each .of the plurality of other apparatuses 

20 maybe a Web site, the unique information stored in each recording 
medium may include cookie information used through the Internet 
browser, and each recording medium may store the cookie ■ 
information as a file. 

With this method, cookie information that has 

25 conventionally been recorded on a hard disc is stored in a 
transportable recording medium* 
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This reduces the possibility that the cookie information 
may be maliciously read f causing a user 1 s privacy to be violated 
or making the user a victim of cyber fraud - 

Here, the unique information stored in each recording 
5 medium may include a media identifier of the recording medium, 
the second- apparatus may store user information so that user 
information inherent in each user is associated with the media 
identifier of the recording medium assigned to the user, and" 
the service providing step may include: a user information 
SLO finding substep where the second apparatus finds user 

5 information associated with the. media identifier included in 

6 the read unique information; and a customizing substep where 
the second apparatus customizes the desired service for the- 

i current user according to' the found user information* 
~ 15 This allows the second apparatus to search for user 

information corresponding to the media identifier included 
in the unique information stored in the transportable recording 
medium and to customize the service for the user according 
to the user information* 
20 Even after replacing an old terminal with new one, 

therefore, the user can continuously receive the same service 
with the recording medium uniquely assigned to the user. Also, 
because the user information does not reside in the user's 
terminal, the possibility is reduced that the user information 
25 may be maliciously read from the user's terminal, - causing a 
user's privacy to be violated or making the user a victim of 

8 



O-c^qj ^ & g i} q m o q : ji t i^q 

WO 01/52168 PCT/US01/00881 

cyber fraud. 

Here, the service providing method may further include : 
a recording medium connection step, performed before the service 
requesting step, where the first apparatus is locally connected 
5 to. the recording medium assigned to the current user. * 

With this method, the recording medium is uniquely 
assigned to the user of the first apparatus and is locally 
connected to the first apparatus. 

Because the user uses the uniquely assigned recording 
; 10 medium, personal information is correctly obtained for the 
•;if user. 

; !l Here, the unique information stored in each recording 

3 medium may include a media identifier of the recording medium 
f and user information that is inherent in a user assigned the 
f 15 recording medium> the user information having been encrypted, 
^ and the service providing step may include: a user password 

. receiving substep where the second apparatus receives a user 
password from the current user via the first apparatus; a 
decryption key generating substep where the second apparatus 
20 generates a decryption key from the media identifier included 
in the read unique information and the received user password; 
a decryption substep where the second apparatus decrypts the 
encrypted user information included in the read unique 
information using the generated decryption key; and a 
25 customizing substep where the second apparatus customizes the 
desired service for the current user according to the decrypted 

9 
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user information. 

With this method, the encrypted user information is 
decrypted using the decryption key generated from the media 
identifier and the user password. This enhances the security 
5 of the user information. 

Here, each recording medium may include a secure data 

area, the. media identifier of each recording, medium may be 

stored in the secure data area of the recording medium, and 

the unique information reading step may include: a device 

vJ10 authentication substep where a device authentication is 

performed between the first apparatus and -the locally connected 

:7s recording medium; and a reading prohibition substep where > 

...... k 

Q if the device authentication has ended in failure, the second 

q apparatus is prohibited to read data from the secure data area 

=1 15 of the locally connected recording medium. 

With this method, if the device authentication has 

ended in failure, the .media identifier is not read. This 

enhances the security of the user information. 

20 BRIEF DESCRIPTION OF THE DRAWINGS 

These . and. other objects, advantages and features of 
the invention will become apparent from the following 
description thereof taken in conjunction with the accompanying 
drawings which illustrate a specific embodiment of the invention » 
25 In the drawings: 

Fig. 1 shows the construction of an information 

10 
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processing system of the first embodiment of the present 
invention; 

Fig. 2 shows the detailed construction of a recording 

medium; 

5 Fig. 3 shows the construction of an information 

processing apparatus; 

Fig, 4 shows an example content of personal information 
written by a writing unit into a non-secure data area of the 
recording medium; 
;fl0 Fig* 5 shows the construction of a file server; 

2 Fig. 6 is a flowchart showing the processing procedure 

of the information processing system of the first embodiment; 

Fig. 7 shows the construction of an information 
:f processing system of the second embodiment of the present 

^ 15 invention; 

O Fig. 8 shows the detailed construction of a recording 

medium; 

Fig. 9 shows the construction of an information 
processing apparatus; 
20 Fig. 10 shows the construction of a file server; 

Fig. 11 shows an example content of the personal 
information stored in a storing unit; and 

Fig. 12 is a flowchart showing the processing procedure 
of the information processing system of the second embodiment. 

25 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 



11 



WO 01/52168 PCT/US01/00881 

<First Embodiment> 
<Overview> 

In an information processing system 100 of the first 
embodiment of the present invention, the data area for storing 
5 cookies is reserved in a transportable recording medium. This 
allows the cookies to be used in different terminals by simply 
connecting the recording medium to the respective terminals . 
This also has cookies, which has conventionally been unique 
to respective terminals, become unique to respective users. 
10 The recording medium includes a secure data area that 

stores a media identifier and is accessible only by terminals 
whose authenticities have been proved by the device 

■ 

authentication with the recording medium. The recording medium 
also includes a data area that is not secure and stores a cookie, 

15 such as user information, that has been encrypted using a public 
key obtained under a public key cryptosystem. It should be 
noted here that the data area that is not secure is hereinafter 
referred to as the "non-secure data area" . 

• A Web site requested by an authorized terminal to provide 

20 a service reads the media identifier from the secure data area 
via the terminal and identifies the user of the terminal using 
the readmedia identifier. The Web site also reads the encrypted 
cookie from the non-secure data area, decrypts the read cookie 
using a secret key stored in the Web site, customizes the service 

25 • according to the decrypted cookie, and provides the customized 
service to the terminal. 
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It should be noted here that if the device authentication 
between the recording medium, and the terminal has ended in 
failure, the media identifier is not read and the Web site 
cannot identify the user. 
5 Also, unauthorized Web sites do not store the secret 

.key, so that the encrypted cookie cannot be decrypted by the 
unauthorized Web sites. As a result, the security of personal 
information is enhanced in comparison with a conventional 
system. 

10 

<Construction> 

Fig- 1 shows the construction of ■ the information 
processing system 100 of the first embodiment. 

The information processing system 100 includes a 
15 recording medium 110, an information processing apparatus 120, 
and a- file server 130. 

. The recording . medium 110 is, for instance, a 
semiconductor medium, such as a memory card, and a user locally 
connects the recording medium 110 to the information processing 
20 apparatus 120 via a port, a slot, or the like. 

The information processing apparatus 120 is a. client 
apparatus, such as an Internet terminal, that runs a specialized 
Web browser and is. connected to a network, such as the Internet. 
The information processing apparatus 120 is connected to the 
25 file server. 130 via the network, issues an access request to 
the file server 130, and browses information provided in HTML 



WO 01/52168 PCT/US01/00881 

files by the file server 130* 

The file server 130 is a server apparatus, such as 
a Web site, that is connected to a network, such as the Internet. 
The file server 130 is connected to the information processing 
5 apparatus 120 via the network and provides information in HTML 
files to the informat ion, processing apparatus 120. 

It should be noted here that the information processing 
apparatus 120 is not limited to an" Internet terminal and may 
be any other device that can access the information provided 
10 by the file server 130 via the network. For instance, the 
information processing apparatus * 120 may be • an 
Internet-accessible TV, STB, radio cassette tape recorder, 
microwave oven, or refrigerator. 

Fig- 2 shows the detailed construction of the recording 

15 medium 110. 

As shown in this drawing, the recording medium 110 

includes a secure data area 111, a non-secure data area 112, 

and an authentication unit 113. A media ID is stored in the 

secure data area 111. 
20 It should be noted here that media IDs are identifiers 

unique to respective recording media and are used to identify 

users and to generate encryption keys. 

- The authentication unit 113 performs an existing device. 

authentication, such as - a mutual authentication, with an 
25 apparatus to which the recording medium 110 is connected. 

In this embodiment, the authentication unit 113 performs a 

14 
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mutual authentication with an authentication unit 124 of the 
information processing apparatus 120. 

The secure data area 111 is a storage area that cannot 
be accessed without an access right. That is, only if the 
5 device authentication between the recording medium 110 and 
the information processing apparatus 120 has succeeded, ' the 
information processing apparatus 120 can access the secure 
data area 111. 

The non-secure data* area 112 is a storage area that 
10 can be freely accessed. That is, the information processing 
apparatus 120 can access the non-secure data area 112 even 
if the device authentication between the recording medium 110 

* 

and the information processing apparatus -120 has ended in 
failure . 

15 Fig. 3 shows the construction of the information 

processing apparatus 120. 

As shown in this drawing, the information processing 

apparatus 120 includes an input unit 121/ an encryption unit 

122, a transmission unit 123, an authentication unit 124, a 
20 receiving unit 125, a reading unit 126, a display unit 127, 

and a writing unit 128. 

The input unit 121 is an input device, such as a 

combination of a mouse and a keyboard, and receives various 

inputs from a user.. In this embodiment, the input unit 121 
25 receives a service providing request and personal information 

from the user. Here, the serviceproviding request is a request 

15 
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for providing a service* Also, the personal information is 
information unique to the user, such as the user's name, age, 
date of birth, sex, family, hobby, taste, address, telephone 
number, job, E-mail address, credit card number, and. pas sword, 
5 The encryption unit 122 encrypts the pefcsonal 

information received by the input unit .121* Here, the 
.encryption unit 122 receives a public key that has been obtained 
under a public key crypt osys tern, such as. a RSA cryptosystem, 
from the file server 130 and prestores the public key. The 
110 encryption unit 122 encrypts the personal information using 
the public key. 

The transmission unit 123 transmits, to the file server 
130, the service providing request received by the. input unit 
121, the media ID read by the reading unit 126, the personal 

15 information encrypted by the encryption unit 122, and the 
encrypted personal information read by the reading unit 126. 

Here, if the reading. unit 126 reads no personal information, 
the transmission unit 123 transmits a personal information 
unregisterednotif ication, instead of the personal information . 

20 The . personal ■ information unregistered notification is a 
notification showing that no personal information has been 
read. The authentication unit 124 performs an existing device 
authentication, such as a mutual authentication, with a 
recording medium that is connected to the information processing 

25 apparatus 120. 

In this embodiment, the authentication unit 124 performs 

16 
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a mutual authentication with the authentication unit 113 of 

the recording medium 110. 

The receiving unit 125 receives, from the file server 

130 , a media ID transmission request, a personal information 

5 transmission request, a service file, data for a personal 

information registration screen, and encrypted personal 

information. Here, the. media ID transmission request is a 

request for transmitting the media ID and the personal 

information transmission request is a request for transmitting 

10 the personal information. Also, the personal information 

registration screen is a screen for allowing the user to register 

personal information. Further, in addition to the information 

• 

items of the personal information received by the input unit 
121, the personal information received by the receiving unit 

15 125 includes information concerning the Web site (the file- 
server 130), such as the last date and time the user visited 
the Web site and the number of times the user has visited the 
Web site. The service file contains screen data provided as 
part of the service that the user requested by issuing the 

20 service providing request. The screen data is, for instance, 
used to display various information screens or a screen 
explaining an operating procedure. 

.The reading unit 12 6 reads, if a media ID transmission 
request is received by the receiving unit 125, the media ID 

25 from the secure data area 111 of the recording medium 110. 
Also, if a personal information transmission request is 
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received by the receiving unit 125, the reading unit 126 reads 
the personal information from the non-secure data area 112 
of the recording medium 110. It should be noted here that 
if the device authentication between the recording medium 110 
5 and the informationprocessing apparatus 120 has ended in failure, 
the access to the secure data area 111 is prohibited so that 
the reading unit 126 cannot read the media ID from the secure 
data area 111. 

The display unit 127 displays a personal information 

10 registration screen according to the data for the personal 
information registration screen received by the receiving unit 
125. The display unit 127 also displays a service screen for 
the user according to the service file received by the receiving 
unit 125. The service screen is a screen displayed as part 

15 of the service that the user requested by issuing the service 
providing request. 

The writing unit 128 writes personal information, which, 
have been received and encrypted by the receiving unit 125, 
into the non-secure data area 112 of the recording medium 110. 

20 . Fig. 4 shows an example content of the personal 

information written by the writing unit 128 into the non-secure 
data area 112 of the recording medium 110. 

Fig. 5 .shows the construction of the file server 130. 
As shown in this drawing, the file server 130 includes 

25 a receiving unit 131, a user identifying unit 132, a decryption 
unit 133, a file material storing unit 134, a file editing 
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unit 135/ a personal information updating unit 136, and -a 
transmission unit 137 . 

The receiving unit 131 receives a service providing 
request, a media ID, an encrypted personal information, a 
5 personal information unregistered notification, and a personal 
information changing request from the* transmission unit 123 
of the information processing apparatus 120. The personal 
information changing request is a request for changing the 
personal information. 
10 The user identifying unit 132 identifies the user using 

the media ID received by the receiving unit 131. 

The decryption unit 133 decrypts the encrypted personal 
information received by. the receiving unit 131- Here, the 
decryption unit 133 prestores a secret key that has been obtained 
15 under a public key cryptosystem, such as a RSA cryptosystem, 
and decrypts the encrypted personal information using the secret 
key. 

The file material storingunit 134 stores file materials 
that have been classified according to hobbies and tastes of 
20 users. 

The file editing unit 135 refers to the personal 
information decrypted by the decryption unit 133 and generates 
a service file by extracting each file material, which 
corresponds to the user ■ s hobby and taste shown by the decrypted 
25 personal information, from the file material storing unit 134 
and editing each extracted file material ; 

19 
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The personal information updating unit 136 provides 
the data for the personal information registration screen, 
updates the personal information decrypted by the decryption 
unit 133, and. encrypts the updated personal information, if 
5 the receiving unit receives a personal information unregistered 
notification or a personal information changing request. Here, 
the personal information updating unit 136 prestores a public 
key that has been obtained under a public key cryptosystem, 
such as a RSA cryptosystem, * updates the personal information 
10 by changing -information concerning the Web site, such as the 
last date and time the user visited the Web site and the number 
of times the user has visited the Web site, and encrypts the 
updated personal information using the public key. 

The transmission unit 137 transmits a media ID 
15 transmission request and a personal information transmission 
request, if the receiving unit 131 receives a service providing 
request. The transmission unit 137 also transmits the service 
file generated by the file editing unit 135, the data for the 
personal information registration screen provided by the 
20 personal information updating unit 136, and the personal 
information that has been updated and encrypted by the personal 
information updating unit 136* 

<0peration> 

25 . Fig. 6 is a flowchart showing the processing procedure 

of the inf ormationprocessing systemlOO of the first embodiment . 

20 
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The processing procedure is briefly described below 
• with reference to this drawing. 

(1) The input unit 121 of the information processing 
apparatus 120 receives a service providing request from the 

5 user (step SI) • 

(2) The transmission unit 123 transmits the service 
providing request received by the input unit 121 to the file 
server .130 (step S2) • 

(3) The receiving unit 131 of the file server 130 receives 
10 the service providing request from the information processing 

apparatus 120 (step S3) . 

(4) The transmission unit 137 transmits a media ID 
transmission request and a personal information transmission 
request to the information processing apparatus 120 (step S4) _ 

15 (5) The receiving unit 125 of the information processing - 

apparatus 120 receives the media ID transmission request and 
the personal information transmission request from the file 
server 130 (step S5) « 

(6) The reading unit 126 reads a media ID from the secure 

20 data area 111 of the recording medium 110 according to the 
. media ID transmission request. Also, the reading unit 126 
reads encrypted personal information from the non-secure data 
•area 112 of the recording medium 110 according to the personal 
information transmission request. Needless to say, if no. 
25 personal information is stored in the non-secure data area 
112, the reading unit 126 cannot read personal information 

21 
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from the non-secure data area 112 (step S6) . 

(7) The transmission unit 123 transmits the media ID and 
encrypted personal information read by the reading unit 126 
to the file server 130. If the reading unit 126 has read no 

5 personal information, the transmission unit 123 transmits a 
personal information unregistered notification, instead of 
personal information (step S7) • 

(8) The receiving unit 131 of the file server 130 receives 
a pair of the media ID and the encrypted personal information 

10 or a pair of the media ID and the personal information- 
unregistered notification- The user identifying unit 132 
identifies the user using the received media ID (step S8) . 

(9) It is judged whether the receiving unit 131 has received 
personal information or a personal information unregistered 

15 notification (step S9) - 

(10) If the receiving unit 131 has received a personal 
information unregistered notification, the personal 
information updating unit 136 provides the data for the personal 
information registration screen and the transmission, unit 137 

20' transmits the data (step S10) . 

(11) The receiving unit 125 of the information processing 
apparatus 120 receives the data for the personal information 
registration screen transmitted from the file server 130 and 
the display unit 127 displays the personal . information 

25 registration screen (step Sll) . 

(12) The input unit 121 receives personal' information 

22 
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inputted by the user through the personal information 
registration screen (step S12) . 

(13) The encryption unit 122 encrypts the personal 
information received by the input unit 121 and the transmission 

5 unit 123 transmits the encrypted personal information 'to the 
file server 130 (step S13) . 

(14) The receiving unit 131 of the file server 130 receives 
the encrypted personal information (step S14) ♦ 

(15) The decryption unit 133 decrypts the encrypted personal 
10 information received by the receiving unit 131 (step S15) . 

(16) The . file editing unit 135 refers to the personal 
information decrypted by the decryption unit 133 and generates 
a service file by extracting each file material, which- 
corresponds to the user • s hobby and taste shown by the decrypted 

15 personal information, from the file material storing unit 134 
and editing each extracted file material (step S16) . 

(17) The personal information updating unit 136 updates 
the personal information decrypted by the decryption unit 133 
and encrypts the updated personal information (step S17) 

20 (18) The transmission unit 137 transmits the service file 
generated by the file editing unit 135 and the personal 
information updated and encrypted by the personal information- 
updating unit 136 (step S18) . 

(19) The receiving unit 125 of the information processing 
25 apparatus 120 receives the service file from the file server 
130 and the display unit 127 display a service screen for the 
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user according to the received service file. The receiving 
unit 125 also receives the updated and encrypted personal 
information and the writing unit 128 writes the received personal 
information into the non-secure data area 112 of the recording 
5 medium 110 (step S19) . 

As described above, in the information processing system 
of the first embodiment/ personal information concerning a 
user is encrypted and stored in a transportable recording medium 
and a server reads the personal information from the recording 

10 medium, decrypts the read personal information, and customizes 
a requested service for the user according to the decrypted 
personal information. To use an information processing 
apparatus, each user needs to connect a transportable recording 
medium, which is uniquely assigned to the user and stores personal 

15 information of the user, to the information processing apparatus . 
This allows the file server to correctly handle personal 
information of each user . . In the information processing system 
of the first embodiment, the security of personal information 
is also enhanced because personal information that has been 

20 encrypted is stored in a transportable recording medium. 

It should be noted here that an encryption key may 
be generated from a media ID and personal information may. be 
encrypted using the encryption key and stored in the non-secure 
data area of a recording medium. Also, an encryption key may 

25 be generated from a media ID and a user password designated 
by a user. 
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In the first embodiment, encrypted personal information 
concerning a user is stored in the non-secure data area of 
a transportable recording medium. However, the encrypted 
personal information may be stored in the secure data area 
5 of the transportable recording medium. In this case, the 
recording medium does not need to include a non-secure data 
area. 

If a recording medium is not connected to the information 
processing apparatus or if ' a recording medium connected to 
10 the information processing apparatus stores no personal 
information, the file server may provide a requested service 
without customizing the service. 



<Second Embodiment> 
15 <Overview> 

• In the first embodiment, encrypted personal information 
concerning a user is stored in a transportable recording medium. 
* In the second embodiment, however, personal information that 
is not encrypted is stored in a file server. 
20 In this embodiment, each transportable recording medium 

stores a media identifier and is uniquely provided to a user. 
A file server stores personal information of respective users, 
with the personal information of each, user being associated 
with one media identifier. The file server reads a media 
25 identifier from a recording medium, searches for personal 
information corresponding to the media identifier, and 
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customizes a service according to the corresponding personal 
information . 

In the first embodiment, encrypted personal information 
is stored and transmitted to enhance the security of personal 
5 information. In the second embodiment, although encrypted 
personal information is transmitted between the information 
processing apparatus and the file server like the first 
embodiment, personal information that is not encrypted is stored 
in a file server. This is because there is no security problem 
10 in the file server. 

<Construction> 

♦ 

Fig. 7 shows the construction of an information 
processing system 200 of the second embodiment. 
15 As shown in this drawing, the information processing 

system 200 includes a recording medium 210, ah information 
processing apparatus 220, and a file server 230. 

- The recording medium 210, the information processing 
apparatus 220, and the file server 230 are respectively similar 
20 to the recording medium 110, the information processing 
apparatus 120, and the file server 130. 

The construction elements having the same functions 
as those, of the first embodiment are assigned the same names 
and numbers as in the first embodiment and are not described 
25 here* 

Fig. 8 shows the detailed construction of the recording 
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medium 210. 

As shown in this drawing, the recording medium 210 
includes a secure data area 111, a non-secure data area 112, 
and an authentication unit 113. A media ID is stored in the 

5 secure data area 111- 

Fig. .9 shows the construction of the information 

processing apparatus 220. 

As shown in. this drawing, the information processing 
apparatus 220 includes .an input unit 121, an encryption unit 
10 122, a transmission unit 223, an authentication unit 124, a 
receiving unit. 225, a reading unit 226, and a display unit 
127. 

The transmission unit 223 transmits the- service 
providing request received by the input unit 121, the media 
15 ID read by the reading unit 226, and the personal information 
encrypted by the encryption unit 122 to the file server 2*30. 
Here, if the reading unit 226 cannot read a media ID, the 
transmission unit 223 transmits a media ID reading- impossible 
notification, instead of the media ID. The media ID reading 
20 impossible notification is a notification showing that the 
reading unit 226 has read no media ID. 

The receiving unit 225 receives a media ID transmission 
request, a service file, and data for a- personal information 
registration screen from the file server 230. 
25 The reading unit 226 reads, if a media ID transmission 

request is received by the receiving unit 225, a media ID from 
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the secure data area 111 of the recording medium 210 . It should 
be noted here that if. the device authentication between the 
recording medium 210 and the information processing apparatus 
220 has ended in failure, the access to the secure data area 
5 111 is prohibited so that the reading unit 22 6 cannot read 
the media ID from the secure data area 111, 

Fig. 10 shows the construction of the file server 230. 
As shown this drawing, the file server 230 includes 
a receiving unit 231, a personal information searching unit 
10 232, a decryption unit 133, a file material storing unit 134, 
a file editing unit 235, a personal information updating unit 
236, a transmission unit 237, and a storing unit 238. 

The receiving unit 231 receives a service providing 
request, a media ID, encrypted personal information, a media 
15 ID reading impossible notification, and a personal information 
changing request from the transmission unit 223 of the 
information processing apparatus 220. 

The personal information searching unit 232 searches 
the storing unit 238. for personal information that corresponds 
20 to the media ID received by the receiving unit 231. 

The file editing unit 235 refers to the corresponding 
personal information and generates a service file by extracting 
each file material, which corresponds to the user's hobby and 
taste shown by the personal" information, from the file material 
25 storing unit 134 and editing each extracted file material. 
Here, if the receiving unit 231 receives a media ID reading 
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impossible notification instead of a media ID, the file editing 
unit 235 generates a service file by extracting each file that 
appeals to all tastes from the file material storing unit 134 
and editing each extracted file material. 
5 The personal information updating unit 236 provides 

the data for the personal information registration screen and 
updates the personal information stored in the storing unit 
238 with the personal information decrypted by the decryption 
unit 138 , if the personal information searching unit 232 cannot 
! ji 10 find personal information corresponding to the media ID received 
""5 by the receiving. unit 231 or if the receiving unit 231 receives 

} n a personal information changing request. 

.r The transmission unit 237 transmits a media ID 

transmission request, a service file generated by the file 
l!l 15 editing unit 235, and the data for the personal information 
'% registration screen provided by the personal information 

updating unit 236 if the receiving unit 231 receives a service 

providing request . 

The storing unit 238 stores personal information of 
20 users so that the personal information of each user is associated 

with the media ID stored in the recording medium provided to 

the user. 

Fig. 11 shows an example content of the personal 
information stored in the storing unit 23.8. 

25 

<Operation> 

29 
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Fig. 12 is a flowchart showing the processing procedure 
of the information processing system of the second embodiment. 

The processing procedure is briefly described below 
with reference to this drawing. 
5 (1) The input unit 121 of the information processing 

apparatus 220 receives a service providing request from the. 
user (step S21) . 

(2) The transmission unit 223 transmits the service 
providing request received by the input unit 121 to the file 

10 server 230 (step S22) . 

(3) The receiving unit 231 of the file server 230 receives 
the service providing request from the information processing 

• apparatus 220 (step S23) . 

(4) The transmission unit 237 transmits a media ID 
15 transmission request to the information processing apparatus 

220 (step S24) . 

(5) The receiving unit 225 of the information processing 
apparatus 220 receives the media ID transmission request from 
the file server 230 (step S25) . 

20 (6) The reading unit 226 reads a media ID from the secure 
data area 111 of the recording medium 110 according to the 
media ID transmission request. Here, if the recording medium 
. 210 is not connected to the information processing apparatus 
220, the reading unit 226 cannot read the media ID from the 

25. secure data area 111. Also, if "the device authentication 
between the recording medium 210 and the inf ormation processing 
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apparatus 220 has ended in failure., the information processing 
apparatus 220 is prohibited to access the secure data area 
111. Therefore, the reading unit 226 cannot read the media 
ID from the secure data area 111 (step S2 6) . 
5 (7) The transmission unit 223 transmits the media ID read 

by the reading unit 126 to the file server 230. If the reading 
unit 126 cannot read the media ID, the transmission unit 223 
transmits a media ID reading impossible notification (step 
S27). 

10 (8) The receiving unit 231 of the file server 230 receives 

a media ID or a media ID reading impossible notification from 
the transmission unit 223 (step S28) . 

(9) It is judged whether the receiving unit 231 has received 
a media ID or a media ID reading impossible notification (step 

15 S29) . 

(10) If the receiving unit 231 has received" a media ID, 
the personal information searching unit 232 searches the storing 
unit 238 for personal information corresponding to the media 
ID received by the receiving unit 231 (step S30) . 

20 (11) The file editing unit 235 refers to the corresponding 
personal information and generates a service file by extracting 
each file material, which corresponds to the user's hobby and 
taste shown by the personal information, from the file material 
storing unit 134 and editing each extracted file material .(step 

25 S31) . 

(12) If the receiving unit 231 has received a media ID reading 
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impossible notification, the file editing unit 235 generates 
a service file by extracting each file material that appeals 
to all tastes from the file material storing unit 134 and editing 
each extracted file material (step S32) . 
5 (13) The transmission unit 237 transmits the service file 
generated by the file editing unit 235 (step S33) . 
(14) The receiving unit 225 of the information processing 
apparatus 220 receives the service file from the file server 
230 and the display unit 127 display a service screen for the 

10 user according to the received service file (step S34) . 

As described above, in the information processing system 
of the second embodiment, a media ID is stored in a transportable 
recording medium. A file server receives the media ID read 
by an information processing apparatus, searches for personal 

15 information corresponding to the received media ID, and 
customizes a requested service according to the corresponding 
personal information. . To use an information processing 
apparatus, each user needs to connect a transportable recording 
medium, which is uniquely as signed to the user, to the information 

20 processing apparatus • This allows the file server to correctly 
handle personal information of each user. 

It should be noted here that each embodiment may be 
achieved by software. Also, the software may be stored in 
a computer- readable recording medium, such as a CD-ROM . Like 

25 the service providing apparatus, the computer-readable 
recording medium, becomes the subject of production, use, 
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transfer, lease, import, or an offer of transfer or lease. 

INDUSTRIAL USE POSSIBILITY 

The present invention is applicable to data 
5 communication between a user ? s apparatus and another apparatus, 
such as the access from an Internet terminal to a Web site. 
By uniquely providing recording media of the present invention 
to users, the users are in a one-to-one correspondence with 
the recording media even if the users are not in a one-to-one 
10 correspondence with terminals . Therefore, when a user browses 
a Web site, personal information of the user is correctly obtained 
from the user's recording medium. Also, even after replacing 
an old terminal -with new one, the user can continuously receive 
the same service by simply connecting the user's recording 
15 medium to the new terminal. This facilitates the handling 
of personal information of the user. 

Also, a Web site does not specify a user wi.thout a 
recording medium being connected to a terminal. Therefore, 
the security of personal information is- enhanced without 
20 difficulty by managing the recording media provided- to users . 

Further, the transportable recording medium of the 
present invention may store cookie information obtained through 
an Internet browser. This reduces the possibility that the 
cookie information may be maliciously read, causing a user's 
25 privacy to be violated or making the user a victim of cyber 
fraud. 
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